Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

All Articles

Home
All Articles
Whole-of-State Cybersecurity: What it Means and Why it Matters

Blog Published: 01/24/2024

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. You’re the CIO of a state. Your charter is to secure, as fully as possible, all data and services used at the state level and to advise a variety of agencies and groups at the local level ...

CISO’s Checklist: How to Train Employees to be SaaS Cyber Aware

Blog Published: 01/23/2024

Originally published by AppOmni.Written by Tamara Bailey, Content Marketing Specialist, AppOmni. While no employee sets out to harm their company, end-user behaviors flaws are, by far, the primary cause behind SaaS data breaches and security incidents.This checklist will walk you through practica...

Six Tips for Segregating and Securing Your Dev, Testing and Production Environments

Blog Published: 01/23/2024

Originally published by Tenable. Written by Moshe Ben Dahan. As organizations move applications and data to the cloud, a key challenge they face is how to segregate their cloud environments, especially when it comes to development, testing and production. It’s worth overcoming the challenge, be...

State of Zero Trust Across Industries

Blog Published: 01/22/2024

Written by Christopher Niggel, Regional CSO, Americas at Okta. As we begin a new year, we reflect on the progress we’ve made over the past year, and our Zero Trust journeys are no different. In this installment of the Zero In column, we look at benchmarks from Okta’s latest State of Zero Trust re...

The New U.S. Policy for Artificial Intelligence: Thoughts on the White House Executive Order and its Implications for Cybersecurity

Blog Published: 01/22/2024

Originally published by CrowdStrike and SC Magazine on November 21, 2023.The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern polic...

PCI DSS 3.2 vs. 4.0—Understanding the Difference and How to Prepare for the Updated Version

Blog Published: 01/22/2024

Originally published by BARR Advisory. Written by Kyle Cohlmia. The 2023 Verizon Payment Security Report (PSR) found that fewer than half of organizations are able to maintain sustainable control environments. According to the PSR, this statistic demonstrates that too many organizations don’t hav...

Clarifying 10 Cybersecurity Terms

Blog Published: 01/19/2024

The many facets of cloud and cybersecurity work together to create a holistic security posture. It’s rare to find an organization that has the skills and resources to devote the ideal amount of attention and energy to every area of cybersecurity, but being able to define some basic policies and p...

12 Months, 5 Lessons and 1 Forecast: Decoding Cybersecurity Trends in GenAI’s Inaugural Year

Blog Published: 01/19/2024

Written by Amit Mishra, Global Head, Data Security and Data Privacy Practice, Cybersecurity, HCLTech.GenAI was just launched. An unsuspecting employee in a large corporation decided to put this to good use. He shared the blueprint in the AI prompt. We can only speculate that he was trying to revi...

Predicting Monthly CVE Disclosure Trends for 2024: A Time Series (SARIMAX) Approach

Blog Published: 01/19/2024

Written by Yamineesh Kanaparthy. A Short BackstoryIf you have clicked to read this, you might be familiar with CVEs already. If you are not, CVE stands for Common Vulnerability and Exposure. In simple terms, a security flaw. A unique Identifier called ‘CVE ID’ is assigned and published by the CVE...

Why You Need a Vulnerability Disclosure Program (VDP)

Blog Published: 01/18/2024

Originally published by Synack. Written by Ron Ulko. What is a Vulnerability Disclosure Program (VDP)? Virtually all computer systems have vulnerabilities in their applications or infrastructure, and persistent hackers are constantly probing for those vulnerabilities to see if they can breac...

Creating an Incident Response Plan for Email Attacks

Blog Published: 01/18/2024

Originally published by Abnormal Security. Written by Mick Leach. Since 2013, the FBI has identified nearly $51 billion in exposed losses due to business email compromise. Modern threat actors are constantly finding new tactics for bypassing traditional security methods to access sensitive data. ...

What Got Us Here: A CISO's Perspective

Blog Published: 01/17/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler.I recently read “What Got You Here Won't Get You There” by Marshall Goldsmith. The book's premise, as the title suggests, is that the things that got you where you are today may not get you where you wan...

SaaS and Compliance

Blog Published: 01/17/2024

Originally published by Suridata.Written by Haviv Ohayon. If your business is subject to compliance, whether it’s based on the law or industry rules, your Software-as-a-Service (SaaS) applications will be part of the picture. Like any other area of the IT estate, your SaaS apps must enable compli...

Is the Auditor’s Role in a SOC 2 Audit Just to Find Gaps in Our System?

Blog Published: 01/17/2024

Originally published by MJD. Written by Chris Giles, CPA, Senior Manager, MJD. Q: Is the auditor’s role in a SOC 2® audit just to find gaps in our system?A: MJD AnswerThe auditor’s role in a SOC 2 audit is to provide an opinion on the design and operating effectiveness of the controls related to ...

Demystifying Cloud Security: Why the CCZT Course and Certificate Matter

Blog Published: 01/16/2024

Written by Jaye Tillson, Director of Strategy, Field CTO, HPE and Co-Host of the SSE Forum.In today's cloud-fuelled world, ensuring robust security is paramount. This is where the Cloud Security Alliance's (CSA) Certificate of Competence in Zero Trust (CCZT) shines.Let's delve into the benefits o...

Top 5 Non-Human Access Attacks of 2023

Blog Published: 01/16/2024

Originally published by Astrix. Written by Tal Skverer & Danielle Guetta. 2024 is here, and before we delve into new year resolutions and looking to the future, we wanted to take a moment and look back at some of the most high profile non-human access attacks in 2023, rank the top 5, and see ...

AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation

Blog Published: 01/16/2024

Originally published by Sysdig.Written by Alessandro Brucato. The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they’ve named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, an...

2024 Security Predictions

Blog Published: 01/12/2024

Originally published by DigiCert on November 8, 2023.As 2023 draws to a close, it’s time once again to look back on the past year’s security developments and make some bold predictions about the future of technology, identity and digital trust.Artificial intelligence (AI) was all over the news in...

An Analysis: 3 Breaches and the Role of Cloud Permissions

Blog Published: 01/12/2024

Originally published by Sonrai Security. Written by Tally Shea. Good security has long been about creating a barrier to entry. It’s been about ‘keeping them out.’ The spotlight, attention, and budget, has been dedicated to that pivotal moment – whether the perimeter is breached or not.This approa...

Cybersecurity 101: 10 Types of Cyber Attacks to Know

Blog Published: 01/11/2024

The first step of handling any problem is to know what you’re dealing with. So, here are the definitions for 10 different types of cyber attacks that we think you should know about:1. Account TakeoverAn attack where a malicious third party gains access to a legitimate online account. This allows ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
9
10
11
13
15
16
17
Last »